PT-2026-22399 · Unknown · Http::Session2
Published: 2026-02-27 · Updated: 2026-03-08
CVE-2018-25160
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HTTP::Session2 versions through 1.09
Description
The software does not properly validate user-provided session IDs, which could allow for code injection or other impacts depending on the session backend. For example, if memcached is used for session storage, an attacker might be able to inject memcached commands within the session ID value.
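The kind of check the description says is missing, sketched as an added example. It is not HTTP::Session2's code or its actual fix. The ID format (32 to 64 characters from `[A-Za-z0-9_-]`), both function names and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed format of a legitimate session ID (not taken from HTTP::Session2).
# \A and \z anchor the whole string; a trailing "$" would still accept an
# ID that ends in "\n", which is exactly the byte a line-based backend
# protocol treats as a command terminator.
my $SESSION_ID_RE = qr/\A[A-Za-z0-9_-]{32,64}\z/;

# Returns the ID unchanged if it matches the allowlist, otherwise undef.
sub validate_session_id {
    my ($id) = @_;
    return undef unless defined $id && !ref $id;
    return $id =~ $SESSION_ID_RE ? $id : undef;
}

# Second layer, applied right before the value is used as a memcached key.
# The memcached text protocol limits keys to 250 bytes and forbids control
# characters and whitespace; this check is stricter and allows printable
# ASCII only, so character count and byte count are the same.
sub is_safe_memcached_key {
    my ($key) = @_;
    return 0 unless defined $key && length $key;
    return 0 if length($key) > 250;
    return 0 if $key =~ /[^\x21-\x7e]/;
    return 1;
}

# Constructed sample values, not real session IDs.
my $good = 'a1b2c3d4' x 5;    # 40 characters
my @samples = (
    [ 'well-formed ID'   => $good ],
    [ 'embedded CRLF'    => $good . "\r\nINJECTED-LINE" ],
    [ 'trailing newline' => $good . "\n" ],
    [ 'embedded space'   => 'a1b2c3d4 ' x 5 ],
    [ 'over-long value'  => 'a' x 300 ],
    [ 'empty string'     => '' ],
);

for my $sample (@samples) {
    my ($label, $id) = @$sample;
    my $ok = defined(validate_session_id($id)) && is_safe_memcached_key($id);
    printf "%-18s %s\n", $label, $ok ? 'accept' : 'reject';
}
```

Only the first sample is accepted. Rejected IDs should be treated as "no session" and replaced with a freshly generated ID rather than passed to the storage backend.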
Recommendations
Update to a version of HTTP::Session2 greater than 1.09.
Fix
RCE
Affected Products
Http::Session2